CVE-2021-43003

8.8 HIGH

📋 TL;DR

This vulnerability in Amzetta zPortal Windows zClient allows local attackers to execute arbitrary code with kernel privileges or cause denial of service via memory corruption. It affects users of zPortal Windows zClient version 3.2.8180.148 and earlier who have local access to the system.

💻 Affected Systems

Products:
  • Amzetta zPortal Windows zClient
Versions: <= v3.2.8180.148
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local access to the system where zClient is installed. Commonly used in cloud/remote desktop environments for USB over Ethernet functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise via kernel-level arbitrary code execution leading to full administrative control, data theft, and persistent backdoor installation.

🟠 Likely Case: Local privilege escalation from standard user to SYSTEM/administrator privileges, enabling attackers to bypass security controls and install malware.

🟢 If Mitigated: Limited impact if proper access controls prevent local user execution or if the vulnerable component is isolated.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to exploit.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access but the vulnerability is in a kernel driver, making reliable exploitation straightforward for attackers with basic reverse engineering skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version > 3.2.8180.148

Vendor Advisory: https://www.amzetta.com/security-advisory

Restart Required: Yes

Instructions:

1. Download latest zClient version from Amzetta portal.
2. Uninstall current zClient.
3. Install updated version.
4. Reboot system.

🔧 Temporary Workarounds

Disable zClient service (Windows)

Stop and disable the zClient service if USB over Ethernet functionality is not required:

sc stop zClientService
sc config zClientService start= disabled

Remove vulnerable driver (Windows)

Uninstall the vulnerable zClient software completely:

Control Panel > Programs > Uninstall zPortal Windows zClient

🧯 If You Can't Patch

  • Implement strict local access controls and limit user privileges
  • Monitor for unusual process creation from zClient or related services

🔍 How to Verify

Check if Vulnerable:

Check zClient version in Control Panel > Programs or run 'wmic product get name,version' and look for zPortal Windows zClient <= 3.2.8180.148

Check Version:

wmic product where "name like '%zPortal%'" get name,version

Verify Fix Applied:

Verify installed version is > 3.2.8180.148 and check that zClient service is running updated binaries
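
The version check above can also be run as a PowerShell script that reads the Uninstall registry keys instead of querying Win32_Product through wmic, which triggers an MSI consistency check on every installed package. This is an added example, not vendor or original-page code; it assumes the product registers a DisplayName containing "zPortal" under the standard Uninstall keys and a DisplayVersion in dotted numeric form.

```powershell
# Added example: flag zPortal Windows zClient installs at or below the last
# affected version named on this page (3.2.8180.148).
# Assumption: the product registers a DisplayName containing "zPortal" under
# the standard Uninstall registry keys; adjust $NamePattern if it does not.
$LastAffected = [version]'3.2.8180.148'
$NamePattern  = '*zPortal*'

# Both the native and the 32-bit-on-64-bit views, so a 32-bit installer is not missed.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-ZClientVersion {
    param([string]$DisplayVersion)
    $parsed = $null
    # A missing or non-numeric version is reported, never silently treated as patched.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return 'UNKNOWN'
    }
    # [version] compares field by field, so 3.2.8180.1000 sorts above 3.2.8180.148.
    if ($parsed -le $LastAffected) { return 'VULNERABLE' }
    return 'PATCHED'
}

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern }

if (-not $found) {
    Write-Output "No product matching $NamePattern found in the Uninstall keys."
} else {
    foreach ($p in $found) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $p.DisplayName
            Version  = $p.DisplayVersion
            Status   = Test-ZClientVersion $p.DisplayVersion
        }
    }
}
```

An UNKNOWN status means the installed version string could not be parsed and should be checked by hand in Control Panel > Programs.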

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from zClient.exe
  • Kernel driver loading events
  • System crashes with zClient driver references

Network Indicators:

  • Unusual local process communication patterns

SIEM Query:

Process Creation where Image contains 'zClient' AND ParentImage != expected_parent_process
